get_fingerprint segfaults

[kensanata]

Possibly a Net::SSLeay problem? After upgrading my machine to Debian 12, some code of mine started crashing when I called get_fingerprint on a handle where there is no client certificate.

use strict;
use IO::Socket::SSL;
my $srv = IO::Socket::SSL->new(
  LocalAddr => '0.0.0.0:1998',
  Listen => 10,
  SSL_cert_file => 'cert.pem',
  SSL_key_file => 'key.pem',
) or die "error=$!, ssl_error=$SSL_ERROR";
while (1) {
  my $cl = $srv->accept or die "failed to accept or ssl handshake: $! $SSL_ERROR";
  my $req = <$cl>;
  print $cl "Hello. Your fingerprint is:";
  print $cl $cl->get_fingerprint;
  $cl->close;
}

This assumes self-signed cert.pem and key.pem files in the same directory.

Connect:

gnutls-cli --insecure localhost:1998

Type "OK" or whatever and hit Enter.

OK
Hello. Your fingerprint is:*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.

The server quits with:

Segmentation fault

I have:

• IO::Socket::SSL 2.083
• Net::SSLeay 1.92
• OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)
• Linux sibirocobombus 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux

[noxxi]

The code should have not worked before either. For one, your server does not even request a client certificate (no SSL_verify_peer set). And then it just assumed in IO::Socket::SSL::get_fingerprint_bin that it will have a certificate, thus crashing if no certificate was there. This is fixed in ea04d0e.

[kensanata]

Thanks. Of course this code does not reflect my application – it's just the bare minimum I needed to trigger the segfault.